BitLocker Encryption Advice

DIYhelp76

Hello

I have been asked to encrypt my laptop because I use it also for work purposes. 

I have Windows 10 Pro and am told that BitLocker is included and I can just enable/activate this. 

I have no real understanding about this so was wondering if anyone can help.

My understanding is that I'll be prompted to set a password and will then need to enter that password every time I switch on my laptop and if I lose the password I lose access to the laptop. Are there any other drawbacks?  I presume it doesn't adversely affect my stored files/folders.

Can it be switched on and off at will? 

I guess it is a good safeguard in case laptop ever gets stolen, but I'm hesitant until I understand properly the ins and outs. 

Thanks in advance.

mluton

Yes it can be turned on, but keep the key safe, very safe that is created when you turn on the feature, it will ask how you want to store they key.

This is separate from start-up the password. Its a pain to enter the password on boot, it can be turned off if needed. But best kept on.

mluton

Do you have a work 365 account ?, you key will be stored in the azure AD account.

Le_Kirk

DIYhelp76 said:

Hello
I have been asked to encrypt my laptop because I use it also for work purposes. 

Can your company IT department help (assuming company is big enough to have one).

cx6

go to control.panel

go to bitlocker

turn on bitlocker for drive c

choose password option and enter your selected bitlocker password

you will be prompted for a location to store a recovery key to be used if you forget your password. Obviously keep this safe going forward - store it on a usb drive and also print it off

the drive will be encrypted

once complete, tick the box to automatically unlock the drive at startup if you want (thus you won't have to enter your password on startup)

this means c: will be encrypted and if anyone eg steals your laptop and removes the drive it will look like gibberish

repeat for any other drives on the laptop if required

Le_Kirk

cx6 said:

once complete, tick the box to automatically unlock the drive at start-up if you want (thus you won't have to enter your password on start-up)

this means c: will be encrypted and if anyone eg steals your laptop and removes the drive it will look like gibberish

A genuine question - what is the point of this if, at start-up, the drive is unlocked as, if anyone steals the laptop, it will unlock on start-up.  It may of course be protected by a start-up password but then the laptop is only as secure as that start-up password and the bit locker password becomes redundant?

cx6

yes of course - along with this you need protection on startup - windows 'hello' eg PIN or fingerprint

Bitlocker is to mitigate against someone unable to boot your laptop because they don't know the PIN and simply removing the drive and putting it in another system to access the data.

outtatune

Will you employer not provide you with a work laptop? If not, tell them that how you use your own personal laptop is your business, not theirs.

DIYhelp76

Hi all

Many thanks for the helpful replies. In reply to some of the points, the work I'm doing will be on a self employed basis, so using my own laptop for personal and this self employed work.  No, no help from an IT department unfortunately. No, I don't think I have a "365 Azure" account.

I think I'm happy to switch on the Bitlocker option, so long as it has no drawbacks for me.  At the moment, when I switch on laptop I enter a Password I created myself for opening the laptop.  Does this mean that when I switch it on in future, I will have to enter this existing Password and then also the new Bitlocker one?  (Do the two passwords work in tandem together, so no conflicts - or do I need to disable the first password option before setting up Bitlocker). Apols if stupid question, I just don't want to install it and then find I can't open the laptop and/or access my files!!

And would this happen every time the laptop times out during periods of inactivity?  Having to enter both passwords again?

I've noted that it's possible to tick the box for automatic unlock at start up (and this would avoid entering 2 passwords) but I think that's not the level of protection this employer will demand. 

In people's experience, so long as you remember the Bitlocker password, does it work safely and you never find yourself locked out?  I will do a back up of all my files before installation just in case.

Many thanks

unforeseen

I've noted that it's possible to tick the box for automatic unlock at start up (and this would avoid entering 2 passwords) but I think that's not the level of protection this employer will demand. 

You may be self employed but if this client is asking for this security feature then THEY  need to provide the laptop to do this. 

Apart from which, as you are probably/possibly using Windows 10 Home then Bitlocker is not available, although you have something called "device encryption" available

400ixl

When you say you have to enter a password when you switch it on, do you mean before Windows has booted up?

If so, this is likely to be a BIOS protection password to stop anyone being able to change those settings before the boot up of the device. This probably isn't needed.

If you mean the Windows password to login then the bitlocker password will come before that, and after the BIOS one if that is what you meant.

There aren't really any downsides in day to day use of deploying bitlocker yourself. Just make sure you save the recovery key somewhere safe in case it is needed in the future. Obviously that safe place can't be on the local device itself, so some cloud storage, a usb drive, good old printed paper etc.

You will be asked for your bitlocker password whenever you boot the PC but logging off / locking the PC will not ask for it to log back in.